9 November 2008. Thanks to Gearman and nmap, I've started
the port 79 expedition project again. I've scanned over 1 million hosts
this weekend, and so far... nothing found... stay tuned for updates.
To avoid getting shutdown because of misunderstandings, I'm using a
randomized list of IP addresses. Each of these lists is anywhere from
100,000 to 1 million lines of randomized IP addresses.
Here is the code that goes through the lists: fdaemon_search.rb
The code linked to above is a gearman client.
It farms out the work of
- converting integers to IPs
- updating the database if a finger daemon is found
The code will be changed so that the scanning of hosts is also
farmed out.
Yes, after a hiatus of 6 years and 11 months, we're back!
4 March 2004. Mozilla automatically does port blocking for you.
8 May 2003. I wanted to create a search service similar to
Yahoo or Google for port 79 where the finger service runs.
If an account is fingerable, fingering that account will tell
you various information about that account. What information is
returned varies from account to account. Usually there is
information such as the real name of the person whose account it is,
the last time they logged into that account, and perhaps a "plan"
file.
This page chronicles the adventure cataloguing the finger daemons
running on port 79.
For more info: RFC 1288: The finger user protocol
15 December 2001. Busted? I got this e-mail forwarded to me
by my excellent and awesome co-lo facility.
The port 79 expedition is currently on hold. For now, I'm going to
put up the source code I used for checking port 79 as well as some
stats:
First the good stuff: the source poll2.c poll2.sql
Second some stats:
- Range of IPv4 addresses scanned:
209.1.1.1 - 209.255.255.255, 63.3.1.1 - 63.5.255.255
- Total hosts scanned: 16,776,450
- Hosts with port 79 open: 170,326
- Hosts with port 80 open: 118,515
- Per cent of Internet scanned: 0.3 %
What's next? Well, I'm going to read the nmap source code.
I'm going to see if I can hack a version of a poll2 with ideas
from nmap. For example, I like the -sS flag/option combo in
nmap, since it doesn't alert most IDS's of a scan having taken
place. Also, I'm going to set up a form, so that folks can
just let me know and the rest of the world that they have
fingerd running. Last but not least, some sleep and xmas
shopping. Yeah right! ;-)
17 November 2001. This week I've been busy with work and side
projects, but I do have 10 clients scanning the IP range of
209.170.*.* to 209.179.*.*. My work station is about halfway done
with the scan.
You might have noticed from the results below that a lot of people
threaten prosecution or automatically accuse you of unauthorized
access. But today, I ran into a friendly server:
finger @209.195.196.177
[209.198.203.2]
CCC
Bienvenidos a GBnet El Salvador
Favor digite su user y password
13 November 2001. Last week I started scanning the internet for
servers with port 79 open, and ran into some interesting results:
- A list of servers with port 79 open found thus far(320kb)
- Results from using an expect script to go
through the above mentioned list (115k)
Do you have a finger daemon running? Feel free to
to send us an e-mail, and we'll add you to the list.
|
